From 2a7cb13895ddbbbab933f3f14206fc66ce595b57 Mon Sep 17 00:00:00 2001
From: Joe Testa <jtesta@positronsecurity.com>
Date: Wed, 18 Sep 2024 17:59:45 -0400
Subject: [PATCH] Added grasshopper-ctr128 cipher.

---
 README.md                   | 1 +
 src/ssh_audit/ssh2_kexdb.py | 1 +
 2 files changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 4d89b17..275fcad 100644
--- a/README.md
+++ b/README.md
@@ -221,6 +221,7 @@ For convenience, a web front-end on top of the command-line tool is available at
  - Fixed crash when running with `-P` and `-T` options simultaneously.
  - Fixed host key tests from only reporting a key type at most once despite multiple hosts supporting it; credit [Daniel Lenski](https://github.com/dlenskiSB).
  - Fixed DHEat connection rate testing on MacOS X and BSD platforms; credit [Drew Noel](https://github.com/drewmnoel) and [Michael Osipov](https://github.com/michael-o).
+ - Added 1 new cipher: `grasshopper-ctr128`.
 
 ### v3.2.0 (2024-04-22)
  - Added implementation of the DHEat denial-of-service attack (see `--dheat` option; [CVE-2002-20001](https://nvd.nist.gov/vuln/detail/CVE-2002-20001)).
diff --git a/src/ssh_audit/ssh2_kexdb.py b/src/ssh_audit/ssh2_kexdb.py
index f65e014..44adb25 100644
--- a/src/ssh_audit/ssh2_kexdb.py
+++ b/src/ssh_audit/ssh2_kexdb.py
@@ -346,6 +346,7 @@ class SSH2_KexDB:  # pylint: disable=too-few-public-methods
             'des-cbc-ssh1': [[], [FAIL_DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]],
             'des-cbc@ssh.com': [[], [FAIL_DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]],
             'des': [[], [FAIL_DES], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]],
+            'grasshopper-ctr128': [[], [FAIL_UNTRUSTED]],
             'idea-cbc': [[], [FAIL_IDEA], [WARN_CIPHER_MODE]],
             'idea-cfb': [[], [FAIL_IDEA], [WARN_CIPHER_MODE]],
             'idea-ctr': [[], [FAIL_IDEA]],